Vulnerability card
Vulnerability characteristics
Severity level
CVSS score
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Software vendor
Software name
nginx
(any)
nginx-common
(any)
nginx-core
(any)
nginx-extras
(any)
nginx-full
(any)
nginx-light
(any)
Description
nginx could be made to crash or run programs if it received specially
crafted network traffic.
USN-4967-1 fixed a vulnerability in nginx. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx
incorrectly handled responses to the DNS resolver. A remote attacker could
use this issue to cause nginx to crash, resulting in a denial of service,
or possibly execute arbitrary code.
How to fix
The problem can be resolved by updating the operating system to the following package versions:
Ubuntu 14.04 ESM:
nginx - 1.4.6-1ubuntu3.9+esm2
nginx-common - 1.4.6-1ubuntu3.9+esm2
nginx-core - 1.4.6-1ubuntu3.9+esm2
nginx-extras - 1.4.6-1ubuntu3.9+esm2
nginx-full - 1.4.6-1ubuntu3.9+esm2
nginx-light - 1.4.6-1ubuntu3.9+esm2
Ubuntu 16.04 ESM:
nginx - 1.10.3-0ubuntu0.16.04.5+esm1
nginx-common - 1.10.3-0ubuntu0.16.04.5+esm1
nginx-core - 1.10.3-0ubuntu0.16.04.5+esm1
nginx-extras - 1.10.3-0ubuntu0.16.04.5+esm1
nginx-full - 1.10.3-0ubuntu0.16.04.5+esm1
nginx-light - 1.10.3-0ubuntu0.16.04.5+esm1
References
Source: CVE
Name: CVE-2021-23017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017
https://ubuntu.com/security/notices/USN-4967-2